Abstract
Manage and investigate incidents in Cortex XSOAR.
Incidents are potential security data threats that SOC administrators identify and remediate. There are several incident triggers, including:
SIEM alerts
Mail alerts
Security alerts from third-party services, such as SIEM, mail boxes, data in CSV format, etc.
Cortex XSOAR includes several out-of-the-box incident types, and users can add custom incident types with custom fields, as necessary.